I have two ASP.NET sites (they cannot run in the same process) and I need to share authentication between them. If a user is in site A already authenticated and then goes
If you are using Forms Authentication you can do this by setting the Machine Key.
See: Forms Authentication Across Applications
Check out the Windows Communication Authentication Service. Won't quite handle single sign-on like you want, but it should at least let people log in across the board with the same credentials.
Select one site to be the "master" which handles all the logins. We will call that one site A, and the non-login site B.
When a user uses the login form on A, it should set a cookie with some unique identifier, such as a GUID. As long as that cookie is valid, the user should stay logged in.
When a user goes to site B, site B should set a cookie with its own unique identifier (another GUID), then redirect to the login on site A, passing along the unique ID in the querystring: Response.Redirect("http://siteA.com/login.aspx?id=ABCDEF")
When the user logs in on the form on A, we should update site B's database - maybe via web service - with the user ID and the unique ID which was passed along - essentially letting site B know "when a user with ABCDEF in their cookie hits your site, it is actually User387".
Then redirect back to site B. The cookie from earlier is still set, but site B now reads that cookie and finds a corresponding user ID, so it knows who the user is and allows access.
When the user arrives on site A, if they have already logged in previously to site A, it will recognize their cookie, follow the same steps as above, and redirect immediately.
This is a very simple version of what every single-sign-on service does. A user will only be sent to A's login page once, no matter where they start from (site A or site B).
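The handoff described in the answer above, seen from site B's side, as an added C# example (not code from any of the posters). `HandoffStore`, `Issue`, `Bind` and `Redeem` are hypothetical names; the random 128-bit id, the five-minute lifetime and the bind-once, redeem-once rules are assumptions added here, because the id travels in a query string and should not stay valid after it has been used.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
// Hypothetical store on site B: maps the id in B's cookie to the user that site A reports.
public sealed class HandoffStore
{
    private sealed class Entry { public DateTime Expires; public string UserId; }
    private readonly Dictionary<string, Entry> _entries = new Dictionary<string, Entry>();
    private static readonly TimeSpan Ttl = TimeSpan.FromMinutes(5); // assumed lifetime
    // B issues an unguessable id, sets it as a cookie and passes it to A's login page.
    public string Issue(DateTime now)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var id = BitConverter.ToString(bytes).Replace("-", "");
        lock (_entries) _entries[id] = new Entry { Expires = now + Ttl };
        return id;
    }

    // A calls this over an authenticated back channel after a successful login.
    public bool Bind(string id, string userId, DateTime now)
    {
        lock (_entries)
        {
            if (!_entries.TryGetValue(id, out Entry e) || e.Expires < now || e.UserId != null) return false;
            e.UserId = userId;
            return true;
        }
    }

    // Browser is back on B: a bound id is consumed once, then B issues its own auth cookie.
    public string Redeem(string id, DateTime now)
    {
        lock (_entries)
        {
            if (!_entries.TryGetValue(id, out Entry e) || (e.UserId == null && e.Expires >= now)) return null;
            _entries.Remove(id);
            return e.Expires < now ? null : e.UserId;
        }
    }
    public static void Main()
    {
        var store = new HandoffStore();
        var now = DateTime.UtcNow;
        var id = store.Issue(now);
        // Constructed sample values: the first bind is accepted, rebinding the same id is refused.
        Console.WriteLine(store.Bind(id, "User387", now) + " " + store.Bind(id, "User999", now));
        // The id resolves to the bound user once; a replayed id no longer resolves.
        Console.WriteLine(store.Redeem(id, now) + " " + (store.Redeem(id, now) ?? "(rejected)"));
    }
}
```

In a real deployment `Bind` sits behind the web service the answer mentions, and that endpoint has to authenticate site A so that only A can attach a user to an id.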
Are they in the same domain?
If you have app1.blah.com and app2.blah.com, it's very easy to do. Just set the domain and the name to the same value in the forms-section in web.config:
    <authentication mode="Forms">
      <forms loginUrl="login.aspx"
             name=".COOKIENAME"
             protection="All"
             path="/"
             domain="blah.com"
             timeout="30" />
    </authentication>
An added benefit is that users can sign into either site and will still be authenticated if they go to the other one.